<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 11.12.2015 12:19, Marek Posolda
wrote:<br>
</div>
<blockquote cite="mid:566AB137.3050107@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">I think what we can possibly do is:<br>
<br>
1) Improve KeycloakTransactionManager to allow enlist with
"priority" . Instead of methods:<br>
<br>
void enlist(KeycloakTransaction transaction);<br>
void enlistAfterCompletion(KeycloakTransaction transaction);<br>
<br>
we will have single method:<br>
<br>
void enlist(KeycloakTransaction transaction, int priority);<br>
<br>
By default, JPA will enlist transaction with priority 10 and
infinispan with priority 20 or something like that.<br>
<br>
This change will allow to enlist your transaction in your
FederationProvider with exact priority. So you can choose
whether the commit will happen before JPA commit, or after JPA
commit or even after infinispan commit etc.<br>
<br>
</div>
</blockquote>
<br>
+1, this may help to resolve current problems<br>
<br>
<blockquote cite="mid:566AB137.3050107@redhat.com" type="cite">
<div class="moz-cite-prefix"> 2) Make TxAwareLDAPUserModelDelegate
class more generic and reusable for other federation providers<br>
</div>
</blockquote>
<br>
may also help, but point 1 with correct documentation is main what
we have to do<br>
<br>
Thanks<br>
<br>
Vlastimil<br>
<br>
<blockquote cite="mid:566AB137.3050107@redhat.com" type="cite">
<div class="moz-cite-prefix"> <br>
Marek<span style="background-color:#e4e4ff;"><br>
<br>
</span> On 11/12/15 10:50, Vlastimil Elias wrote:<br>
</div>
<blockquote cite="mid:566A9C53.1080401@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
Hi,<br>
<br>
I use similar approach and problem is (at least I think) that
local DB transaction is already commited when our code runs. It
has two negative effects:<br>
- if remote service call is successful you are not able to write
anything locally as Jorge mentioned<br>
- if remote service call fails local DB record is commited
already and it is hard to implement correct error handling<br>
<br>
So I think User Federation SPI should be extended by exact
method which allows atomic call of backend during user creation
or update before local transaction is commited. I already
created issue for it but not resolved yet <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://issues.jboss.org/browse/KEYCLOAK-1075"><a class="moz-txt-link-freetext" href="https://issues.jboss.org/browse/KEYCLOAK-1075">https://issues.jboss.org/browse/KEYCLOAK-1075</a></a><br>
<br>
Vlastimil<br>
<br>
<div class="moz-cite-prefix">On 10.12.2015 18:49, Jorge M.
wrote:<br>
</div>
<blockquote
cite="mid:CAHEpHRLRHiqNAQUm0KJnCDrtMWp9ZNOPY5ffLDEfhbZJsRLSNg@mail.gmail.com"
type="cite">
<p dir="ltr">Hi,</p>
<p dir="ltr">I think I'm in the right track now. I'm being
able to call the webservice before commit. However, when the
user is sucessfully created by the webservice, I need to
update my local user to add a property with the external
user id. How can I do that in the same transaction?<br>
I'm trying to set the property on the managed delegate user
model, but it has no effect.</p>
<p dir="ltr">Thank you!</p>
<div class="gmail_quote">On 9 Dec 2015 18:39, "Marek Posolda"
<<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>On 09/12/15 19:33, Jorge M. wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">I'm developing a custom federation that
communicates with my user repository via
webservices. <br>
Probably this is a very strange scenario for a
federation but that's the unique way that I have to
communicate with the repository.</p>
<p dir="ltr">My problem is that, as the webservices
only exposes methods such as createUser and
updateUser, I'm having problems with registrations
and user profile updates because I'm not being able
to do atomic calls to the webservice methods, with
all the information that I need.</p>
<p dir="ltr">As far as I know, from the properties
file example and from the ldap federation source
(probably I'm missing something) it seems that the
federation api is intended to update and sync
attribute by attribute (Keycloak <->
Federation). <br>
Am i wrong? Do you suggest another approach? Should
I give up from having a federation that uses a
webservice?</p>
</blockquote>
You can use "transaction wrapper", which will allow you
to store all the updates to user locally, but send the
UPDATE request to your webservice later at transaction
commit time. You may need to create custom transaction
and enlist it with Keycloak TransactionManager. <br>
<br>
This is what we have for LDAP federation provider right
now. See <span style="background-color:#e4e4ff">TxAwareLDAPUserModelDelegate.</span>
<br>
<br>
Marek<br>
<blockquote type="cite">
<p dir="ltr">Thank you.</p>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-dev mailing list
<a moz-do-not-send="true" href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team</pre>
</body>
</html>